managers events views

2024-11-29 10:24:20 +01:00 · 2020-04-28 12:48:03 +02:00 · 2020-04-28 12:48:03 +02:00 · 3e177b5177
commit 3e177b5177
parent e56fba1c03
9 changed files with 61 additions and 46 deletions
--- a/app/assets/javascripts/controllers/events.js.erb
+++ b/app/assets/javascripts/controllers/events.js.erb
@ -126,8 +126,8 @@ Application.Controllers.controller('EventsController', ['$scope', '$state', 'Eve
  }
 ]);
-Application.Controllers.controller('ShowEventController', ['$scope', '$state', '$stateParams', '$rootScope', 'Event', '$uibModal', 'Member', 'Reservation', 'Price', 'CustomAsset', 'Slot', 'eventPromise', 'growl', '_t', 'Wallet', 'helpers', 'dialogs', 'priceCategoriesPromise', 'settingsPromise',
+Application.Controllers.controller('ShowEventController', ['$scope', '$state', '$stateParams', '$rootScope', 'Event', '$uibModal', 'Member', 'Reservation', 'Price', 'CustomAsset', 'Slot', 'eventPromise', 'growl', '_t', 'Wallet', 'AuthService', 'helpers', 'dialogs', 'priceCategoriesPromise', 'settingsPromise',
-  function ($scope, $state, $stateParams, $rootScope, Event, $uibModal, Member, Reservation, Price, CustomAsset, Slot, eventPromise, growl, _t, Wallet, helpers, dialogs, priceCategoriesPromise, settingsPromise) {
+  function ($scope, $state, $stateParams, $rootScope, Event, $uibModal, Member, Reservation, Price, CustomAsset, Slot, eventPromise, growl, _t, Wallet, AuthService, helpers, dialogs, priceCategoriesPromise, settingsPromise) {
    /* PUBLIC SCOPE */
    // reservations for the currently shown event
@ -245,32 +245,32 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', '
      if ($scope.event.nb_total_places > 0) {
        $scope.reserveSuccess = false;
        if (!$scope.isAuthenticated()) {
-          return $scope.login(null, function (user) {
+          $scope.login(null, function (user) {
-            if (user.role !== 'admin') {
+            if (user.role !== 'admin' || user.role !== 'manager') {
-              return $scope.ctrl.member = user;
+              $scope.ctrl.member = user;
            }
            const sameTimeReservations = findReservationsAtSameTime();
            if (sameTimeReservations.length > 0) {
              showReserveSlotSameTimeModal(sameTimeReservations, function(res) {
-                return $scope.reserve.toReserve = !$scope.reserve.toReserve;
+                $scope.reserve.toReserve = !$scope.reserve.toReserve;
              });
            } else {
-              return $scope.reserve.toReserve = !$scope.reserve.toReserve;
+              $scope.reserve.toReserve = !$scope.reserve.toReserve;
            }
          });
        } else {
-          if ($scope.currentUser.role === 'admin') {
+          if (AuthService.isAuthorized(['admin', 'manager'])) {
-            return $scope.reserve.toReserve = !$scope.reserve.toReserve;
+            $scope.reserve.toReserve = !$scope.reserve.toReserve;
          } else {
            Member.get({ id: $scope.currentUser.id }, function (member) {
              $scope.ctrl.member = member;
              const sameTimeReservations = findReservationsAtSameTime();
              if (sameTimeReservations.length > 0) {
                showReserveSlotSameTimeModal(sameTimeReservations, function(res) {
-                  return $scope.reserve.toReserve = !$scope.reserve.toReserve;
+                  $scope.reserve.toReserve = !$scope.reserve.toReserve;
                });
              } else {
-                return $scope.reserve.toReserve = !$scope.reserve.toReserve;
+                $scope.reserve.toReserve = !$scope.reserve.toReserve;
              }
            });
          }
@ -286,9 +286,9 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', '
      resetEventReserve();
      $scope.reserveSuccess = false;
      if ($scope.ctrl.member) {
-        return Member.get({ id: $scope.ctrl.member.id }, function (member) {
+        Member.get({ id: $scope.ctrl.member.id }, function (member) {
          $scope.ctrl.member = member;
-          return getReservations($scope.event.id, 'Event', $scope.ctrl.member.id);
+          getReservations($scope.event.id, 'Event', $scope.ctrl.member.id);
        });
      }
    };
@ -303,14 +303,17 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', '
        return Wallet.getWalletByUser({ user_id: $scope.ctrl.member.id }, function (wallet) {
          const amountToPay = helpers.getAmountToPay($scope.reserve.amountTotal, wallet.amount);
-          if (($scope.currentUser.role !== 'admin') && (amountToPay > 0)) {
+          if ((AuthService.isAuthorized(['member']) && amountToPay > 0)
            || (AuthService.isAuthorized('manager') && $scope.ctrl.member.id === $rootScope.currentUser.id && amountToPay > 0)) {
            if ($rootScope.fablabWithoutOnlinePayment) {
              growl.error(_t('app.public.events_show.online_payment_disabled'));
            } else {
              return payByStripe(reservation);
            }
          } else {
-            if (($scope.currentUser.role === 'admin') || (amountToPay === 0)) {
+            if (AuthService.isAuthorized('admin')
              || (AuthService.isAuthorized('manager') && $scope.ctrl.member.id !== $rootScope.currentUser.id)
              || amountToPay === 0) {
              return payOnSite(reservation);
            }
          }
@ -564,7 +567,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', '
      }
      // watch when a coupon is applied to re-compute the total price
-      return $scope.$watch('coupon.applied', function (newValue, oldValue) {
+      $scope.$watch('coupon.applied', function (newValue, oldValue) {
        if ((newValue !== null) || (oldValue !== null)) {
          return $scope.computeEventAmount();
        }
@ -577,7 +580,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', '
     * @param reservable_type {string} 'Event'
     * @param user_id {number} the user's id (current or managed)
     */
-    var getReservations = function (reservable_id, reservable_type, user_id) {
+    const getReservations = function (reservable_id, reservable_type, user_id) {
      Reservation.query({
        reservable_id,
        reservable_type,
@ -592,7 +595,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', '
     * @param event {Object} Current event
     * @return {{user_id:number, reservable_id:number, reservable_type:string, slots_attributes:Array<Object>, nb_reserve_places:number}}
     */
-    var mkReservation = function (member, reserve, event) {
+    const mkReservation = function (member, reserve, event) {
      const reservation = {
        user_id: member.id,
        reservable_id: event.id,
@ -628,7 +631,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', '
     * @param coupon {Object} Coupon as returned from the API
     * @return {{reservation:Object, coupon_code:string}}
     */
-    var mkRequestParams = function (reservation, coupon) {
+    const mkRequestParams = function (reservation, coupon) {
      const params = {
        reservation,
        coupon_code: ((coupon ? coupon.code : undefined))
@ -640,7 +643,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', '
    /**
     * Set the current reservation to the default values. This implies the reservation form to be hidden.
     */
-    var resetEventReserve = function () {
+    const resetEventReserve = function () {
      if ($scope.event) {
        $scope.reserve = {
          nbPlaces: {
@ -666,7 +669,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', '
     * Open a modal window which trigger the stripe payment process
     * @param reservation {Object} to book
     */
-    var payByStripe = function (reservation) {
+    const payByStripe = function (reservation) {
      $uibModal.open({
        templateUrl: '<%= asset_path "stripe/payment_modal.html" %>',
        size: 'md',
@ -730,7 +733,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', '
     * Open a modal window which trigger the local payment process
     * @param reservation {Object} to book
     */
-    var payOnSite = function (reservation) {
+    const payOnSite = function (reservation) {
      $uibModal.open({
        templateUrl: '<%= asset_path "shared/valid_reservation_modal.html" %>',
        size: 'sm',
@ -808,7 +811,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', '
     * What to do after the payment was successful
     * @param reservation {Object} booked reservation
     */
-    var afterPayment = function (reservation) {
+    const afterPayment = function (reservation) {
      $scope.event.nb_free_places = $scope.event.nb_free_places - reservation.total_booked_seats;
      resetEventReserve();
      $scope.reserveSuccess = true;
@ -822,7 +825,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', '
    /**
     * Find user's reservations, the same date at the same time, with event
     */
-    var findReservationsAtSameTime = function () {
+    const findReservationsAtSameTime = function () {
      let sameTimeReservations = [
        'training_reservations',
        'machine_reservations',
@ -848,7 +851,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', '
     * @param sameTimeReservations {Array} reservations the same date at the same time
     * @param callback {function} callback will invoke when user confirm
     */
-    var showReserveSlotSameTimeModal = function(sameTimeReservations, callback) {
+    const showReserveSlotSameTimeModal = function(sameTimeReservations, callback) {
      const modalInstance = $uibModal.open({
        animation: true,
        templateUrl: '<%= asset_path "shared/_reserve_slot_same_time.html" %>',
--- a/app/assets/templates/admin/events/index.html.erb
+++ b/app/assets/templates/admin/events/index.html.erb
@ -11,7 +11,7 @@
      </section>
    </div>
-    <div class="col-xs-12 col-sm-12 col-md-3 b-t hide-b-md" ng-if="isAuthorized(['admin'])">
+    <div class="col-xs-12 col-sm-12 col-md-3 b-t hide-b-md" ng-if="isAuthorized(['admin', 'manager'])">
      <section class="heading-actions wrapper">
        <a class="btn btn-lg btn-warning bg-white b-2x rounded m-t-sm upper text-sm" ui-sref="app.admin.events_new" role="button" translate>{{ 'app.admin.events.add_an_event' }}</a>
      </section>
@ -26,7 +26,7 @@
           ui-tour-scroll-parent-id="content-main"
           post-render="setupEventsTour">
    <div class="row">
-      <div class="col-md-12">
+      <div class="col-md-12" ng-show="isAuthorized('admin')">
        <uib-tabset justified="true" active="tabs.active">
          <uib-tab heading="{{ 'app.admin.events.events_monitoring' | translate }}" index="0">
            <ng-include src="'<%= asset_path "admin/events/monitoring.html" %>'"></ng-include>
@ -41,6 +41,9 @@
          </uib-tab>
        </uib-tabset>
      </div>
      <div class="col-md-12" ng-show="isAuthorized('manager')">
        <ng-include src="'<%= asset_path "admin/events/monitoring.html" %>'"></ng-include>
      </div>
    </div>
  </section>
 </section>
--- a/app/assets/templates/events/show.html.erb
+++ b/app/assets/templates/events/show.html.erb
@ -14,11 +14,11 @@
      </section>
    </div>
-    <div class="col-xs-12 col-sm-12 col-md-3 b-t hide-b-md" ng-if="isAuthorized('admin')">
+    <div class="col-xs-12 col-sm-12 col-md-3 b-t hide-b-md" ng-if="isAuthorized(['admin', 'manager'])">
      <section class="heading-actions wrapper">
-          <a ui-sref="app.admin.events_edit({id: event.id})" ng-if="isAuthorized('admin')" class="btn btn-lg btn-warning bg-white b-2x rounded m-t-xs text-u-c text-sm"><i class="fa fa-edit"></i> {{ 'app.shared.buttons.edit' | translate }}</a>
+          <a ui-sref="app.admin.events_edit({id: event.id})" class="btn btn-lg btn-warning bg-white b-2x rounded m-t-xs text-u-c text-sm"><i class="fa fa-edit"></i> {{ 'app.shared.buttons.edit' | translate }}</a>
-          <a ng-click="deleteEvent(event)" ng-if="isAuthorized('admin')" class="btn btn-lg btn-danger b-2x rounded no-b m-t-xs"><i class="fa fa-trash-o"></i></a>
+          <a ng-click="deleteEvent(event)" class="btn btn-lg btn-danger b-2x rounded no-b m-t-xs"><i class="fa fa-trash-o"></i></a>
      </section>
    </div>
@ -62,7 +62,7 @@
        </ul>
    </section>
-    <div ng-if="currentUser.role === 'admin'">
+    <div ng-if="isAuthorized(['admin', 'manager'])">
      <select-member></select-member>
    </div>
--- a/app/controllers/api/reservations_controller.rb
+++ b/app/controllers/api/reservations_controller.rb
@ -9,13 +9,13 @@ class API::ReservationsController < API::ApiController
  def index
    if params[:reservable_id] && params[:reservable_type] && params[:user_id]
-      params[:user_id] = current_user.id unless current_user.admin?
+      params[:user_id] = current_user.id unless current_user.admin? || current_user.manager?
      where_clause = params.permit(:reservable_id, :reservable_type).to_h
      where_clause[:statistic_profile_id] = StatisticProfile.find_by!(user_id: params[:user_id])
      @reservations = Reservation.where(where_clause)
-    elsif params[:reservable_id] && params[:reservable_type] && current_user.admin?
+    elsif params[:reservable_id] && params[:reservable_type] && (current_user.admin? || current_user.manager?)
      @reservations = Reservation.where(params.permit(:reservable_id, :reservable_type))
    else
      @reservations = []
--- a/app/controllers/confirmations_controller.rb
+++ b/app/controllers/confirmations_controller.rb
@ -1,3 +1,6 @@
 # frozen_string_literal: true
 # Devise controller to handle validation of email addresses
 class ConfirmationsController < Devise::ConfirmationsController
  # The path used after confirmation.
  def after_confirmation_path_for(resource_name, resource)
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@ -1,5 +1,8 @@
 # frozen_string_literal: true
 # Devise controller used for the "forgotten password" feature
 class PasswordsController < Devise::PasswordsController
-  # POST /resource/password
+  # POST /users/password.json
  def create
    self.resource = resource_class.send_reset_password_instructions(resource_params)
    yield resource if block_given?
--- a/app/controllers/social_bot_controller.rb
+++ b/app/controllers/social_bot_controller.rb
@ -1,14 +1,17 @@
 # frozen_string_literal: true
 # Handle requests originated by indexer bots of social networks
 class SocialBotController < ActionController::Base
  def share
    case request.original_fullpath
-      when /(=%2F|\/)projects(%2F|\/)([\-0-9a-z_]+)/
+    when %r{(=%2F|/)projects(%2F|/)([\-0-9a-z_]+)}
-        @project = Project.friendly.find("#{$3}")
+      @project = Project.friendly.find(Regexp.last_match(3).to_s)
      render :project, status: :ok
-      when /(=%2F|\/)events(%2F|\/)([0-9]+)/
+    when %r{(=%2F|/)events(%2F|/)([0-9]+)}
-        @event = Event.find("#{$3}".to_i)
+      @event = Event.find(Regexp.last_match(3).to_s.to_i)
      render :event, status: :ok
-      when /(=%2F|\/)trainings(%2F|\/)([\-0-9a-z_]+)/
+    when %r{(=%2F|/)trainings(%2F|/)([\-0-9a-z_]+)}
-        @training = Training.friendly.find("#{$3}")
+      @training = Training.friendly.find(Regexp.last_match(3).to_s)
      render :training, status: :ok
    else
      puts "unknown bot request : #{request.original_url}"
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -311,7 +311,7 @@ class User < ApplicationRecord
  protected
-  # remove projets drafts that are not linked to another user
+  # remove projects drafts that are not linked to another user
  def remove_orphan_drafts
    orphans = my_projects
              .joins('LEFT JOIN project_users ON projects.id = project_users.project_id')
--- a/app/policies/event_policy.rb
+++ b/app/policies/event_policy.rb
@ -18,7 +18,7 @@ class EventPolicy < ApplicationPolicy
  end
  def create?
-    user.admin?
+    user.admin? || user.manager?
  end
  def update?